Enterprise QoS Solution Reference Network Design Guide
Catalyst 6500 PFC2/PFC3—QoS Considerations and Design
Chapter 2 Campus QoS Design
Additionally, QoS policies may be applied to VLANs or to ports. There was never any significant advantage of using one base over the other; however, AutoQoS tools favor port-based QoS, as it is marginally simpler to configure. Port-based QoS is the default per-port setting and all examples in this chapter are configured using port-based QoS.
All ports (once QoS has been globally enabled) are set to an untrusted state by default. Also, by default, the trust-extension state is set to untrusted and the extended-CoS is correspondingly set to 0.
All packets received through an untrusted port (whether the untrusted port is the actual switch port or the extended switch port in the back of a Cisco IP Phone) are marked to a CoS value of 3, by default. This default marking should be set instead to 0 on all ports connected to untrusted endpoints by using the command set port qos mod/port cos 0. Furthermore, on all ports that are connected to conditionally-trusted endpoints (like Cisco IP Phones) it is recommended to use the command set port qos mod/port cos 0 in conjunction with the command set port qos mod/port cos-ext 0.
It is recommended to leave all these port QoS settings at their defaults, with the exception of trust and cos/cos-ext, depending on the access edge model to be applied to the port, as is discussed in additional detail below.
Another Catalyst-OS default behavior to keep in mind is that ACLs and aggregate policers cannot be applied to more than one port in the same manner as they can when configured in IOS. For example, if an aggregate policer called POLICE-VOIP was defined to rate-limit flows to 128 kbps and this policer were applied to two separate ports in CatOS, then it would rate-limit flows from both ports to a combined total of 128 kbps, instead of limiting flows to 128 kbps on a per-port basis (the preferred behavior, and the case when configured in IOS). To work around this default behavior, ACLs and aggregate policers have to be uniquely defined on a per-port basis. To facilitate the administration of this additional configuration complexity, it is recommended that all CatOS ACLs and aggregate policers be defined with names that include the module and port they are to be applied to. For example, the previously defined aggregate policer POLICE-VOIP would become POLICE-VOIP-3-1 when applied to port 3/1 and POLICE-VOIP-3-2 when applied to port 3/2. This is the nomenclature adopted in the examples to follow in this chapter.
Note: Administrators should keep in mind the maximum number of aggregate policers that can be configured via CatOS on a given Catalyst 6500 switch (currently 1023) when designing their access-edge policies. Depending on the chassis/linecard combination, this maximum number of aggregate policers may present scaling limitations to the advanced models presented in this design chapter.
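
The shared-policer pitfall, the per-port naming scheme and the 1023-policer ceiling described above can be checked against an access-edge plan before any configuration is applied. The following Python is an added example, not taken from the guide or from Cisco tooling; the plan format, the function names and the POLICE-DATA policer are assumptions made for illustration.

```python
from collections import defaultdict

MAX_AGGREGATE_POLICERS = 1023  # CatOS ceiling quoted in the guide's note

# Constructed sample plan: (policer, port). POLICE-DATA is a hypothetical name.
PLAN = [("POLICE-VOIP", "3/1"), ("POLICE-VOIP", "3/2"), ("POLICE-DATA", "3/1")]


def per_port_name(base, port):
    """Apply the guide's nomenclature: POLICE-VOIP on 3/1 -> POLICE-VOIP-3-1."""
    module, number = port.split("/")
    return f"{base}-{int(module)}-{int(number)}"


def shared_policers(assignments):
    """Map each policer applied to more than one port to those ports.

    In CatOS such a policer rate-limits the ports' combined traffic.
    """
    ports = defaultdict(list)
    for policer, port in assignments:
        if port not in ports[policer]:
            ports[policer].append(port)
    return {name: plist for name, plist in ports.items() if len(plist) > 1}


def expand_per_port(assignments, limit=MAX_AGGREGATE_POLICERS):
    """Rewrite a plan so every port gets its own uniquely named policer."""
    expanded = list(dict.fromkeys(
        (per_port_name(base, port), port) for base, port in assignments))
    if len(expanded) > limit:
        raise ValueError(
            f"{len(expanded)} aggregate policers needed, limit is {limit}")
    return expanded


if __name__ == "__main__":
    for name, plist in shared_policers(PLAN).items():
        print(f"{name} is shared by {', '.join(plist)}: rate limit is combined")
    for name, port in expand_per_port(PLAN):
        print(f"{port}: {name}")
```
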
Catalyst 6500—Trusted Endpoint Model
This section includes the following topics:
- Configuration
- Catalyst 6500 CatOS QoS Verification Commands
Configuration
For most Catalyst 6500 switch ports, setting the trust state to trust DSCP is a relatively straightforward command (in either CatOS or in IOS).
In this first example, DSCP trust is configured on a port in CatOS; in the second, DSCP trust is configured on a port/interface in IOS.
Version 3.3